package com.xiaoze.springcloud.config;

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;

/**
 * @author xiaoze
 * @date 2020/6/4
 */
@EnableWebFluxSecurity
public class ResourceServerConfigurer {

    @Bean
    SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) throws Exception {
        http.authorizeExchange()
//                .pathMatchers("/courseType/").permitAll()
//                .pathMatchers("/**").authenticated()
                .pathMatchers("/**").permitAll()
                .anyExchange().authenticated()
                .and().cors().disable()
                .csrf().disable();
        http.oauth2ResourceServer().jwt();
        return http.build();
    }

}
